Hi,
I have transparent proxy running pretty well
and caching ok.
I'm not sure where to post, but since
it is also a squid configuration issue, I'd
try here.
Currently, all outgoing port 80 calls are
being routed (via iptables) to the squid
box and then routed back through to the
routing machine and out to the 'Net.
That's ok if I want to limit destination
domains/IPs or even browsers.
But how do I restrict Src ips? As it
stands, all the port 80 packets that
are sent to the 'net from the clients
are DNATd to the Squid box and SNAT
from the routing-box.
so if I have the following:
acl No_131 192.168.10.131/32
deny_info ERR_NO_ACCESS No_131
http_access denied No_131
It won't work because all the packets
that are going to the Squid box have
source IPs of 192.168.10.3, which is
my iptables machine.
Would anyone have any suitable solution to
be able to restrict access to the 'Net'
using Squid?
I believe I can also restrict net access
via IPtables, but I'd prefer not to fiddle
with the iptables setup.
Any help appreciated.
Received on Sun Aug 31 2003 - 22:19:28 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:18 MST